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Abstract 



Galois rings are regarded as "building blocks" of a finite commutative ring with 
identity. There have been many papers on classical error correction codes over Galois 
rings published. As an important warm-up before exploring quantum algorithms and 
quantum error correction codes over Galois rings, we study the quantum Fourier 
transform (QFT) over Galois rings and prove it can be efficiently preformed on 
a quantum computer. The properties of the QFT over Galois rings lead to the 
quantum algorithm for hidden linear structures over Galois rings. 
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1 Introduction 



Quantum Fourier transform (QFT) is a main tool in constructing some quantum 
algorithms, for example, Shor's algorithm [Ij. Readers are invited to refer to 
the Chapter 5 in the textbook by Nielsen and Chuang [2] for the definition of 
the QFT and its applications. The QFT over finite fields was introduced in two 
papers ^\^: the one by De Beaudrap, Cleve and Watrous and the other by Van 
Dam and Hallgren. The properties of the QFT over finite fields directly give rise 
to quantum algorithms for hidden linear/non-linear structures over finite fields 

A ring contains more algebraic structures than a field: every field is a ring 
but not every ring is a field. Galois rings [Q [3 [8] are regarded as "building 
blocks" of a ring. Quantum information and computation [2j over Galois rings 
is to be a very meaningful research topic. The QFT over Galois rings possibly 
leads to interesting quantum algorithms, for examples, quantum algorithms for 
hidden linear /non- linear structures over Galois rings (or even a ring). Quantum 
error correction codes [9j over Galois rings can be explored because there are 
many classical error correction codes over Galois rings, see [71 [8l [TO] for relevant 
references. Hence our research on the QFT over Galois rings is an important 
warm-up to study quantum algorithms and quantum error correction codes over 
Galois rings. 

The remainder of this paper is organized as follows. Section 2 collects basic 
facts on Galois rings used in the following sections. Section 3 defines the QFT 
over Galois rings and analyzes its main properties. The second proof for the 
lemma 13.41 comprehensively exploits various properties of Galois rings. Section 
4 proves that the QFT over Galois rings can be efficiently implemented on a 
quantum computer. The properties of the discriminant matrix over Galois rings 
are discussed from different points of view. Last section remarks the QFT over a 
ring. 

2 Preliminary on Galois rings 

A ring A is a set equipped with addition and multiplication. It is an abelian 
group with the unit under addition, denoted by {A, +). It is a semigroup with 
the unit 1 under multiplication, denoted by {A, .), in which an invertible element 
is called a unit but some elements may have no inverses. A nonzero element 
a € ^ is called a zero divisor if there is another nonzero element b G A satisfying 
ab = 0. 

Our notations on Galois rings are taken from the book [8] by Wan. R = Zps 
denotes the residue class ring of integers Z modulo for a prime number p and 
an integer s > 1, i.e., 

R = Zps = {0,1,2,- ■■ ,p'-l}. (2.1) 
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R' = GR{p^ ,p'^"^) denotes a Galois ring of characteristic and cardinality p*™, 
where m is some integer m > 1. The ring i? is a subring of R' , and the ring R' 
is an extension of the ring R. 

For m = 1, the Galois ring R' corresponds to a residue class ring R'l^y^^i = Zp3 , 
and for s = 1, it corresponds to a finite field R'\s=i = F^m. 

An arbitrary element a of the Galois ring R' can be expressed in two ways. 
In the additive formalism, a is uniquely expressed as 

m— 1 

a=^aif with Oi^R, (2.2) 

where ^ is a root of a monic basic primitive polynomial, 

h{X) = ho + hiX + --- + hm-iX""'^ + X"^ G R[X] (2.3) 

of degree m over i?. 

In the p-adic formalism, a is uniquely expressed as 

s-l 

a = ^Up' with eTp- = {0,1, e,--- (2.4) 

where the set Tpm is referred to as the Teichmiiller set. 

In the p-adic formalism (j2.4p . a is a unit if and only if to 7^ 0, and it is a zero 
divisor or if and only if to = 0. 

Lemma 2.5. Given an arbitrary zero divisor a of the Galois ring R' , it can be 
expressed as a = pPa' , l<i<s — 1 where a' is a unit of R' . 

Proof. In the p-adic formalism, the zero divisor a £ R' has a unique form 

a = tjp> + ■■■ + ts-ip"-^ = p'a, tj / 0, 1 < J < s - 1 
where a' = tj + • • • + t^-ip'*"-'"^ is a unit of R' . □ 

The Frobenius automorphism of the Galois ring R' over i? is a map (j) uniquely 
defined by </>(^) = and (j){r) = r for all r G R. Define a composition of the 
Frobenius automorphism (j) as 

o </., </>° = l, i = 0,1,2,... (2.6) 

Observe that (j)"^ = 1. The Galois group Gsd{R' / R) of the ring extension R' / R 
is the cyclic group (</>) of order m generated by (j). The trace Tr = Tr^/ of this 
ring extension is defined by 

Tr:R'^R, Tr{a) = ^ (^(a) . (2.7) 

VJS Gal (iJ'/iJ) 



3 



It satisfies the following properties: 

Tr{a + (3) = Tr{a) + Tr{j3), Tr{(t){a)) = Tr{a), 

Tr{aa) = aTr{a), Tr{a) = ma for all a £ R . (2-8) 

Hence the trace mapping Tr is a surjective homomorphism from the additive 
group to the additive group {R,+). 

3 The QFT over the Galois ring R' 

We introduce the QFT over the Galois ring R', study its main properties, and 
present two types of proofs for the lemma [331 

3.1 Notations 

The Galois ring R' is a module over its subring R, namely R x R' ^ R' , see the 
book [llj by Shoup for our notations on module and matrix over a ring. 
In the additive formalism (j2.2p of the Galois ring R', the set {C}Z~o^ 

ms a 

basis of this module on R, and its element x G i?' has a simpler notation x = -S, 
with the row vector x'^ G R^^"^ and the column vector i?""^^, 

x^ = (xo,--- f = {e,--- ,r-') (3.1) 

where T denotes the matrix transpose. 

The set of all Dirac kets is an orthonormal basis of the Hilbert 

space C^", and hence the set of all m-tuple tensor products of Dirac kets \xi), 
i = 1, - ■ ■ ,m — 1, denoted by 

\x) = \xo) \xi) (g) • • • (gi \Xm~l), X e R' 

gives rise to an orthonormal basis of the Hilbert space (C^')®™-. The set {\x)} 
satisfies "^^gR' = Idpl^ where Idps denotes the p'^-dimensional identity. 

Introduce a character Xa for the finite abelian group {R' , +) by 

= KO'"'^""^ i^ps = e''^, uGR' (3.2) 
with the multiplication law given by Xa ° X/3 = Xa+i3, G R' ■ It satisfies 

Xa{u + V) = Xa{u)Xa{v), U,veR', 

and so it is a group homomorphism from the additive group {R' , +) to the mul- 
tiplicative semigroup {R',-)- 

Let J^R' denote the QFT over the Galois ring R' . We use the additive character 
Xa (13.2P to define J^ri as 

^R' = Xaiu)\a){u\. (3.3) 

At m = I, is the QFT over R = Zps [2]. At s = 1, Tr, is the QFT over 
the finite field F^™ I3ll4j. 
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3.2 Properties of the QFT over E! 

We describe the properties of the J-ri (|3.3p in three corollaries of the lemma (|3.4p . 

Lemma 3.4. Let R' denote the Galois ring GR{p^ ,p'^"^) and Xa denote the ad- 
ditive character, a & R' . Then the character Xaiu) has the property 

Ex«W=^''"''^"-0= ^0 ' " . (3.5) 

Proof. It is obvious for a = 0. For a 7^ 0, there exists an element v £ R' satisfying 
Xa{v) 7^ 1, and we have 

X] = J2 ^"(^ + V) = Xaiv) ^ Xa{u) =^ ^ Xa{u) = 

ueB' ueB' ueR' ueR' 

since Xa p.2p is a nontrivial character of the additive group (i?', +). □ 
Corollary 3.6. The set of all p^^^- dimensional normalized vectors, 

Xa = —^iXa{u))ueR' , a£R' 

is an orthonormal basis of the Hilbert space CP""^ , and we have 

Xa(X/3)"^ = ^ J2 Xaiu)x*p{u) = 5a,l3, a,/3 G R' 

^ ueR' 

where f denotes the Hermitian conjugation. 

Hence the p^"^ x p"^"^ matrix -^/=m{Xa{'u))a,u(^R' is a unitary matrix, and the 
QFT over R' , (13. 3p is a unitary transformation, namely, 

^R'^'^R' = ^Ri^R ' = I dps"' 
in the Hilbert space (Cp')®'". 

Corollary 3.7. The shift operator Sa on the Galois ring R' , defined by 

Sa = \u + a){u\, a £ R' , 

u£R' 

is diagonalized by the QFT over R' , J^j^/ \3. namely, 

ueR' 
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Proof. After some algebra, we have 



J^R'SaJ^\, = ^ Xa{u)Xu-t{v)\u){t\ (3.8) 

^ u,v,t<^R' 

and then prove the corollary with the lemma [331 D 

Corollary 3.9. Let and Br denote the control additive gates: Ar\x)\y) = 
\x)\y + rx) and Br\x)\y) = \x + ry)\y), x,y,r E R' . Then they have the con- 
trol/target inversion property given by 

(^t ® ^R')M^R' ^:fI) = Br 

Proof. We use the same methodology [3] of proving the control/target inversion 
property for control additive gates over finite fields. The proof is an application 
of the corollarv 13.71 □ 

De Beaudrap and coauthors [3] introduced control additive gates over finite 
fields and realized that the control/target inversion property derives the quantum 
algorithm for hidden linear structures over finite fields. Therefore the corollary 
13.91 leads to the same quantum algorithm for hidden linear structures over Galois 
rings, see ^ for this algorithm. 



3.3 The second proof for the lemma [3.41 

The proof for the lemma 13.41 is based on the fact that Xa (13. 2p is the character of 
the additive group (ii',+). On the other hand, the additive character Xa (|3.2p 
contains information on the multiplicative semigroup {R' , .), and therefore the 
lemma [33] can be proved only with properties of the Galois ring R'. 

Given an element a G i?', it is either or 1 or a non-identity unit or a zero 
divisor. Hence we prove the lemma \3M in the following four steps. 

Denote x{oiu) = Xa{u), u £ R' . 

1) . a = 0. We have x(0) = then 1 = p'^™ to prove the lemma. 

2) . a = 1. The trace mapping Tr over the Galois ring F{! relative to R is 
a surjective additive group homomorphism from {R',+) to (i?, +). Denote the 
kernel of this homomorphism by 

ker(Tr) = {w € R'\Tr{v) = 0} 

and then the quotient group R' /ker{Tr) is isomorphic to R = TL^a. The isomor- 
phism gives rise to a partition of the Galois ring i?' as a disjoint union of the 
kernel ker{Tr) and cosets {zi + Ker{T)) with Tr{zi) = i,z = l,---,p'* — 1. This 
partition derives the cardinality of ker{Tr) or (zj -|- ker(Tr)) as Hence 
we have 

Y.x{u)=P^"'~'^'Y.M' = 0- (3.10) 
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3) . As a is a unit, the mapping u v = au is bijective due to the existence 
of a^^, and we have 

u&R' v€R' 

which uses the statement in the step 2). 

4) . As Q is a zero divisor, with the lemma [231 it has the form of a = p^a' , 
^ ^ j ^ s — 1, where a' is a unit of the Galois ring R' . We have 

Y Xiau) = Y = E i^P-^r^''^ = (3-11) 

ueR' ueR' veR' 

which exploits the steps 2) and 3). 

A nice additive character for the additive group of a ring has properties of its 
multiplicative semigroup so that the related QFT over this ring has an efficient 
implementation on a quantum computer. The second proof for the lemma 13.41 
and Section 4 suggest the character Xa (|3.2p as an example for the nice additive 
character. 



4 An efficient implementation of JT^/ 

We study the factorization of J^r' (13. 3p in terms of J^r = J^n' \m=i and then prove 
that it can be efficiently performed on a quantum computer. We collect basic 
facts on the discriminant matrix D ()4.ip of the Galois ring B! . 

4.1 Factorization of JF^./ 

An m X m matrix associated with the basis {C*}i^o^ °^ module R' on R, 

D = (A,)o<^j<m-i, Ai = Tr (4.1) 

is called the discriminant matrix over the Galois ring i?', and it is the Hankel 
matrix satisfying Aj = A+i,j-i- We express the trace of the product of two 
elements x,y £ R' as 

Tr{x-y) = x^Dy = x''^y, x'^ = {Dx)i = Tr{xC). (4.2) 

Namely, we decomposes the trace of x • ?/ as a linear summation of the products 
of two elements x[,yi G R. 

Let J^R denote the QFT over the residue class ring of integers R (Zps ) , 

•^^ = 7^ E M'''''''\yi){xi\, l<i<m-l, (4.3) 

Xi,yi&R 

and then we describe !Fri (13. 3p as the composition of an m-fold tensor product 
of Tp; and a shift operator lij:, , 
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where x' = (Dx)'^ ■ ^. Obviously, the properties of Ud are determined by the 
discriminant matrix D. 

4.2 The discriminant matrix D is invertible 

The set {\x)}xeR' is an orthonormal basis of the Hilbert space (Cp")®™. As the 
discriminant matrix D is invertible, the map x i— > = Dx is bijective, and 
the set {\x')}x'^R' also forms an orthonormal basis of (C^')®*". Hence the shift 
operator Ud is a unitary transformation. Furthermore, we can derive uj^ = U^-i . 

Lemma 4.5. The discriminant matrix D j[ j is invertible. 

Proof. The discriminant matrix D is invertible if and only if its rows form a basis 
q£ ^ixm^ or equivalently, the following equations 

m—1 m—1 

Y,bi ■ rowi{D) = O^Y,^^^ij = ^^ j = 0,---,m-l (4.6) 

i=0 i=0 

admit only h = solution. 

-T 

Assume a nonzero solution b = {bo, 

and a corresponding nonzero element /? = 
element a = a-^ • ^ G i?', we calculate 

Tr{(3 .a) = b'^-D-a = (4.7) 

where a,b £ R"^^^. 1). As /3 is a unit of R' , i.e., its inverse (3~^ exists, replacing 
a with (3~^a gives rise to Tr(a) = for a G R' . 2). As /? is a zero divisor of i?', 
with the lemma [231 it has a form of /? = p*^/?', 1 < A; < s — 1 where P' is a unit 
with the inverse and then we have 

/ Tr{/3'a) = ^ p'' Tr{a) = (4.8) 

suggesting that Tr(a) is either zero or a zero divisor of R. 

Hence, if /? 7^ 0, then Tr{a) for a G i?' is a zero divisor or zero. This 
contradicts with the fact that the trace map Tr : R' ^ Ris surjective. Therefore, 
P = 0, namely the equation b -0 = only has a zero solution 6 = 0, which is 
equivalent to the existence of D~^, the inverse of the D matrix. □ 

This proof suggests: if {C*}™o^ ^ basis of R' then exists. On the 
other hand, it is easy to prove: if exists then {^*}^q^ forms a basis of R' . 
The matrix D is hence called the discriminant matrix associated with the basis 
{C}T=o^ of the Galois ring R'. 



• • • , bm-i) of the equation b -0 = 
= b • ^ G i?'. With another arbitrary 
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4.3 Remarks on the discriminant matrix D 



The lemma 14. 5[ the existence of over the Galois ring R' , can be proved 
in the other way. If D^^ exists, then the map D : x ^ Dx is bijective. This 
means the kernel of this map D is trivial, namely Dx = if and only if x = 0. 
Assume a nonzero y satisfying Dy = 0. 1). As y is a unit of R\ the set {yC}^^ 
is a new basis of the Galois ring R' . We expand a G R' with the new basis, 
— X^S^ o-i{yO^ ^-iid then apply the trace map to get Tr{a) = for q G i?' 
due to y D = 0. 2). As y is a zero divisor of R' , with the lemma [23} we denote 
y = p^y\ I < k < s-1 with y' a unit. We have p'^rr(y'^*) = due to Tr{yO = 0. 
Expand a G R' with the new basis {y'C}^^^-, namely a = YllXo^ ^'iiv' 
we have p^Tr{a) = which suggests Tr{a) either a zero divisor or zero. Since 
the trace map Tr is surjective, the kernel of this map D has to be trivial, and 
hence D is invertible. 

Here, we make a sketch on how to compute the discriminant matrix D (j4.ip 

-T - 

over the Galois ring R'. Given a basic primitive polynomial ^™ = h • ^ from 



2^ with roots ^, ^p, 



1). Gompute in a recursive procedure. 



where is calculated via 



(4.9) 



V 



k—m+l 



(4.10) 



/ 1 • • • /lo \ 
1 ••• hi 
y= 1 ••• h2 

V • • • 1 / 

2). Compute Tr{E,^), l<i<m— lin terms of 1 < j < p'" — 2, with the 
definition of the trace (j2.7p . 3). Gompute Tr(^*), m < i < 2m — 2 in terms of 
Tr{S^^), 1 < j < m — 1, with the help of the formula (j4.9|) . 4). We obtain all 
entries of the discriminant matrix D (14.11). 






V 1 / 



4.4 Complexity analysis of implementing jF^j/ 

Denote n = logp*. Assume that the discriminator matrix D (j4.ip is known via 
relevant classical computation. 

The factorization formalism (j4.4p of the QFT J^r' describes an efficient quan- 
tum circuit for the implementation of J^ji' . It is known that the QFT J^ji ()4.3p can 
be efficiently approximated [12]. The invertible discriminant matrix D gives rise 
to the bijective map, D : i?®™- i?®™. This map can be efficiently performed 
as a permutation on a classical computer, and hence the corresponding unitary 
transformation, 

Un : (CP')®™ ^ (CP')®™ 
can be efficiently performed on a quantum computer |13j . 
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The bijective map from x to Dx ensures that the vector x can be computed in 
a polynomial time with the known D and Dx. The vector Dx can be computed 
in time 0{m?). Hales and Hallgren [12j proved that there exists a quantum 
algorithm to approximate the QFT J^pi over R = Zps within accuracy e which 
runs in time 0{nlog j + log^ j). Hence J-^' can be performed in a polynomial 
time 0{m?) + mO{n log j + log^ ^) within accuracy e. 

Let C{p^, e) denote the minimum size of a quantum circuit approximating the 
QFT Tji over R within accuracy e, and then performing T^"^ needs a quantum 
circuit with the size mC{p^, e). The matrix operation Dx can be performed in a 
circuit with size O^mPn^), namely, each arithmetic operation needs a circuit with 
size n . Hence J-^/ is performed on a quantum circuit with the size 
mC{p^, e). 

Therefore, the QFT J^ri i4-4\ ) over the Galois ring R' can be performed within 
accuracy e in a polynomial time 

0{m^) + mO log - + log^ 
and by a quantum circuit of the size 0{m?n'^) + mC{p^, e). 



5 Comments on the QFT over a ring 

With the help of the QFT over Galois rings, the QFT over a finite commutative 
ring with identity can be defined in principle. 

A finite commutative ring with identity is expressed as a direct sum of local 
rings, and a local commutative ring can be characterized as a homomorphic image 
of a polynomial ring over a Galois ring, see [U [7] for related theorems and proofs. 
The simplest example is the fundamental theorem of arithmetics: given a unique 
prime factorization of the integer m by 

m = Pi^P2^ • • •p^'' , n-i £ f^,Pi prime, 1 < i < k, 

there is a ring isomorphism 




which defines the QFT over in terms of the QFTs over Zpi. 

De Beaudrap and coauthors |3j proved that if the QFT over a ring has the 
property of the control/target inversion then the QFT over the matrix ring has 
the same property. A matrix ring over a finite commutative ring is often a 
noncommutative ring, and hence the QFT over a noncommutative ring can be 
discussed via the QFT over a finite commutative ring with identity. 
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